1. Field of the Invention
This invention pertains generally to computer security, and more particularly to concealing access patterns to disk and memory.
2. Description of Related Art
Many enterprises and individuals encrypt data that they store in the cloud to achieve confidentiality and privacy. However, when data is accessed interactively (such as through online cloud storage services like Dropbox and SkyDrive), encryption is not enough to ensure privacy. By observing the locations of data accessed, an attacker can often easily recover information about the encrypted data without ever needing to decrypt it. It will be noted that cloud computing is the practice of using a network of remote servers hosted on the Internet to store, manage, and process data, rather than using a local server.
As cloud computing gains momentum, an increasing amount of data is outsourced to cloud storage, and data privacy has become an important concern for many businesses and individuals alike. Encryption alone may not suffice for ensuring data privacy, as the mere knowledge of data access patterns can provide a significant amount of information about the data as well. One example found in the literature described a sequence of data access requests q1; q2; q3 that were always followed by a stock exchange operation, whereby sensitive information can be obtained by the server, or at the server, even when the data is encrypted.
Oblivious RAM (or O-RAM) is a term which has come to mean a primitive intended for hiding storage access patterns, with the problem being initially studied in the context of software protection, i.e., hiding a program's electronic data storage (memory) access patterns to prevent reverse engineering. With the trend of cloud computing, O-RAM also has important applications in privacy-preserving storage outsourcing applications.
Accordingly, a need exists for a practical method and apparatus for implementing a form of Oblivious RAM for concealing access patterns to electronic data storage (e.g., disk and memory) for enhancing security.